|From:||William Lee Irwin III <wli-AT-holomorphy.com>|
|To:||Stephen Smalley <sds-AT-epoch.ncsc.mil>, Andrea Arcangeli <andrea-AT-suse.de>, Andrew Morton <akpm-AT-osdl.org>, lkml <linux-kernel-AT-vger.kernel.org>, kenneth.w.chen-AT-intel.com, Chris Wright <chrisw-AT-osdl.org>|
|Date:||Thu, 1 Apr 2004 09:51:14 -0800|
On Thu, Apr 01, 2004 at 12:37:51PM -0500, Stephen Smalley wrote: >> What prevents any uid 0 process from changing these sysctl settings >> (aside from SELinux, if you happen to use it and configure the policy >> accordingly)? On Thu, Apr 01, 2004 at 09:44:05AM -0800, William Lee Irwin III wrote: > I'm aware it does some very unintelligent things to the security model, > e.g. anyone with fs-level access to these things can basically escalate > their capabilities to "everything". Maybe some kind of big fat warning > is in order. Index: mm4-2.6.5-rc3/security/Kconfig =================================================================== --- mm4-2.6.5-rc3.orig/security/Kconfig 2004-04-01 07:38:49.000000000 -0800 +++ mm4-2.6.5-rc3/security/Kconfig 2004-04-01 09:49:43.000000000 -0800 @@ -49,6 +49,13 @@ depends on SECURITY!=n help This allows you to disable capabilities with sysctls. + It effectively breaks the kernel's security model so that + any user with fs-level access to /proc/sys/capability/* + can escalate their privileges to "able to do anything", + but some users have special-case needs for these things. + Don't use this on any system with untrusted local users. + It's probably best to firewall the living daylights out + of anything using this also. source security/selinux/Kconfig - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to firstname.lastname@example.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Copyright © 2004, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds